2018-09-10 13:00:00
mitre
PUBLISHED
In Monstra CMS 3.0.4, an attacker with Editor privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1, Insecure Direct Object Reference (IDOR).